29Haz
Do SAML responses containing encrypted assertions provide protection against MiTM attacks?
A previously asked question touches on topics which are very similar to what I am having trouble understanding.
In a web application I am testing, SAML SSO is brokered using Keycloak. The SAML Response messages contain Encrypted Assertions (<saml:EncryptedAssertion>
). Before the encrypted assertion is a Signature (<dsig:Signature>
); if the signature is removed, the SP still accepts the user authentication.
- Can the content of these messages only be read by the SP/IdP/Keycloak?
- Can new assertions be encrypted using an available public key, thus replacing the original assertion? If so, where/how can the relevant public key be found?
- What is the purpose of the signature if removing it does nothing? Is this an issue with Keycloak (the broker)? Is the SP responsible for verifying the signature?
I may be missing some knowledge regarding Keycloak's way of brokering authentication, or the SAML flow itself, but I can't seem to find much info about any of this online, apart from the above linked question, which is still partially unanswered.
EDIT: Attaching an example of a SAML Response as I am seeing it:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response Destination="https://example.com/saml/SSO"
ID="0000000-000-000-000-00000000"
InResponseTo="abc123abc123abc123"
IssueInstant="2020-06-29T00:00:0000Z" Version="2.0"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://sso.example.com/auth/realms/MY-APP</saml:Issuer>
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<dsig:Reference URI="#ID_0000000-000-000-000-00000000">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<dsig:DigestValue>/DATA=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue>DATA==</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:KeyName>AAAAAA-AAAAA-1234567987654321234567</dsig:KeyName>
<dsig:X509Data>
<dsig:X509Certificate>CERT==</dsig:X509Certificate>
</dsig:X509Data>
<dsig:KeyValue>
<dsig:RSAKeyValue>
<dsig:Modulus>DATA==</dsig:Modulus>
<dsig:Exponent>AAAA</dsig:Exponent>
</dsig:RSAKeyValue>
</dsig:KeyValue>
</dsig:KeyInfo>
</dsig:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</samlp:Status>
<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<xenc:CipherData>
<xenc:CipherValue>DATA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>LONG_DATA==</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</saml:EncryptedAssertion>
</samlp:Response>